Drupal Anonymous Open Redirect

Drupal core and contributed modules frequently use a "destination" query string parameter in URLs to redirect users to a new destination after completing an action on the current page. Under certain circumstances, malicious users can use this parameter to construct a URL that will trick users int...

CVE-2024-32028

OpenTelemetry dotnet is a dotnet telemetry framework. In affected versions of OpenTelemetry.Instrumentation.Http and OpenTelemetry.Instrumentation.AspNetCore the url.full writes attribute/tag on spans Activity when tracing is enabled for outgoing http requests and...

OESA-2024-1401 nodejs-qs security update

This is a query string parser for node and the browser supporting nesting, as it was removed from 0.3.x, so this library provides the previous and commonly desired behavior and twice as fast. Used by express, connect and others. Security Fixes: qs before 6.10.3, as used in Express before 4.17.3 a...

OESA-2024-1403 nodejs-qs security update

This is a query string parser for node and the browser supporting nesting, as it was removed from 0.3.x, so this library provides the previous and commonly desired behavior and twice as fast. Used by express, connect and others. Security Fixes: qs before 6.10.3, as used in Express before 4.17.3 a...

Rapid7 InsightVM 安全漏洞

Rapid7 InsightVM is a vulnerability scanning and management application from Rapid7 USA. A security vulnerability exists in Rapid7 InsightVM versions prior to 6.6.244. The vulnerability stems from a sensitive information exposure vulnerability on the login page in maintenance mode, whereby when...

BIT-MYBB-2022-43709

MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query string via direct user input or stored search filter settings...

CVE-2023-37521

HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower can sometimes include sensitive information in a query string which could allow an attacker to execute a malicious attack...

CVE-2023-37521

HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower can sometimes include sensitive information in a query string which could allow an attacker to execute a malicious attack...

CVE-2023-37521 HCL BigFix OSD Bare Metal Server WebUI is affected by sensitive information disclosure

HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower can sometimes include sensitive information in a query string which could allow an attacker to execute a malicious attack...

HCL Technologies BigFix OSD Security Vulnerability

HCL Technologies BigFix OSD is part of a lifecycle management software from HCL Technologies, Inc. It is used for the deployment of operating systems. A security vulnerability exists in HCL Technologies BigFix Bare OSD Metal Server WebUI 311.19 and prior versions, which stems from the inclusion o...

Null pointer dereference

OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service NULL pointer dereference, daemon crash, and Captive Portal outage via a GET request to /openndsauth/ that lacks a custom query string parameter and client-token...

CVE-2023-38321

OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service NULL pointer dereference, daemon crash, and Captive Portal outage via a GET request to /openndsauth/ that lacks a custom query string parameter and client-token...

Vite Cross-Site Scripting Vulnerability

Vite is a new front-end builder tool open-sourced by Vite. Vite suffers from a cross-site scripting vulnerability that stems from the ability to inject arbitrary HTML into the output by providing a malicious URL query string...

SLiMS 9 Bulian SQL Injection Vulnerability

SLiMS 9 Bulian is a free and open source software from the SLiMS community in Indonesia. It is used for library resource management e.g. books, journals, digital files and other library materials and administration. An SQL injection vulnerability exists in SLiMS 9 Bulian version v9.6.1, which...

CVE-2023-38313

An issue was discovered in OpenNDS Captive Portal before 10.1.2. it has a dobinauth NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing client redirect query string parameter. Triggering this issue results in crashing openNDS a Denial-of-Service condition...

Security Bulletin: IBM Rational Build Forge 8.0.0.24 addresses multiple vulnerabilities by updating Apache Tomcat Server

Summary Security Bulletin: IBM Rational Build Forge 8.0.0.24 addresses multiple vulnerabilities by updating Apache Tomcat Server Vulnerability Details CVEID:CVE-2023-28708 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the missing of secure...

SUSE CVE-2022-24999

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an proto key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string ...

GHSA-QWRX-45XF-JJF7 Elasticsearch vulnerable to stack overflow in the search API

A flaw was discovered in Elasticsearch affecting the search API that allowed a specially crafted query string to cause a stack overflow and ultimately a denial of service...

Chevereto CMS 3.7.0 HTTP Parameter Pollution

==================================================================================================================================== | Title : Chevereto CMS V3.7.0 HPP Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | | Vendo...

Important: tomcat8

Issue Overview: The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a reques...